pgp attacks

pgp attacks

Post by Anthony E. Gree » Thu, 01 Jan 1998 04:00:00



-----BEGIN PGP SIGNED MESSAGE-----




>< snip>

>>PS where can i get the addon to make pgp 5.5.3 work with the older RSA
>>keys?

><snip>

>You can't.  :-(

>Get PGP 5.0 or PGP 5.5.1 for business.  My business version does a fine job
of
>generating and using RSA keys. and while it is priced at $119.00 (US) if
the
>RSA key ability is that important to you......

>Justin

The pay version of 5.5.3 will use, but not generate, RSA keys. I use my RSA
key to correspond with 5.5.3Payware users.

Tony

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCdAwUBNKom0ERUP9V4zUMpAQGAhwQ7BhigVNXH+jJxlfoLbaeDGIceqPf++IWl
YNbxSBZpCNRT14OowD0dEH53FRb9QjmPubR4wJgvTdnLXDfz54L1ajm0bCBhiaXc
j4B1EjZZpE2FWcnquhoQ1yfSzg3anqcleIV5E2z7uBUTw5IjDwj1OHDY3tB5ye43
eWQVqQYvvnBYXL9pBNNb8w==
=8ffD
-----END PGP SIGNATURE-----

P.S. PGP 5.5 (freeware) users will not be able to verify this
signature, although I can verify theirs. PGP 5.0 users can talk
to everyone. See link below.
 -------------------------------------------------------------

 Use PGP -- Envelopes and Signatures for Email
 What is PGP? <http://www.pobox.com/~agreene/pgp/>
 My PGP Key: <http://www.pobox.com/~agreene/pgp/agreene.key>
 FREEWARE Win95 PGP 5.0: <http://web.mit.edu/network/pgp.html>
 -------------------------------------------------------------

 
 
 

pgp attacks

Post by Tony L. Svanstr » Thu, 01 Jan 1998 04:00:00



> The other night in a show on the discovery channel about non-lethal
> weapons, computer security was discussed. among other things, they showed
> an attack against a drug cartel or something that was sending a pgp 2.6.2
> encrypted transaction to a swiss bank through the internet. in very vauge
> terms they said something like the public keys were intercepted, and the
> attacker acted as a middle-man in between the trafficers and was able to
> forge the transactions (changing the $$ transfered). how could this
> happen? did anyone see the show? where can i find out more about such
> threats? thanks.

I didn't see the show but I can still explain how this could happen.

Person A sent his public key to person B and
person B sent his public key to person A and
then they forgot to verify that they really had eachothers keys (or
their verification simply wasn't good enough); all the cops did was to
prevent the real keys from reaching its destination and instead sent a
key that they had created to the bank and one to the criminal...
The bank and the criminal never sent messages to eachother because both
of them sent messages to the cops.

     /Tony
--
                               /\___/\

        ---------------------oOO-(_)-OOo----------------------
           "We only live to please those we love" -- Aphrael
        ----------------------???---???-----------------------
          http://tls.base.org \O/   \O/ ?Tony Svanstrom 1997

 
 
 

pgp attacks

Post by David Sternligh » Thu, 01 Jan 1998 04:00:00




> > The other night in a show on the discovery channel about non-lethal
> > weapons, computer security was discussed. among other things, they showed
> > an attack against a drug cartel or something that was sending a pgp 2.6.2
> > encrypted transaction to a swiss bank through the internet. in very vauge
> > terms they said something like the public keys were intercepted, and the
> > attacker acted as a middle-man in between the trafficers and was able to
> > forge the transactions (changing the $$ transfered). how could this
> > happen? did anyone see the show? where can i find out more about such
> > threats? thanks.

> I didn't see the show but I can still explain how this could happen.

> Person A sent his public key to person B and
> person B sent his public key to person A and
> then they forgot to verify that they really had eachothers keys (or
> their verification simply wasn't good enough); all the cops did was to
> prevent the real keys from reaching its destination and instead sent a
> key that they had created to the bank and one to the criminal...
> The bank and the criminal never sent messages to eachother because both
> of them sent messages to the cops.

There's no trick to getting someone's public key. Thus the police could have
gotten the criminal's public key in any number of ways. The trick is in
persuading the criminal to use a bogus key for the bank.

Had the criminal independently verified the bank's public key, no amount of
traffic interception would have made the police scheme work.

There are two ways to do this (assuming the police have an intercept on your
phone and thus will send the bogus key if you try to contact a key server to
get it independently). The first is to use another path (e.g. a pay phone, or
a public computer somewhere and sneakernet). In most advanced countries you
could probably rent a hotel room and hook up a portable computer faster than
the police could get a wiretap installed, in order to get good keys. And there
are always airport "clubrooms" equipped with modem jacks on their phones, and
public libraries with computers and disk drives.

The second is to use only certifiers for which you already have THEIR key
(e.g. Thawte).

This can be done with PGP, with only a little difficulty (e.g. Thawte). It is
done automatically with S/MIME and rigid hierarchical certification. For the
police plan to work with S/MIME the police would have had to physically change
the CA keys in your browser, or arrange somehow that you had originally
obtained a bogus browser.

This story supports the FBI's assertion that there are stupid (or at least
lazy) criminals out there.

David

 
 
 

pgp attacks

Post by Infojunki » Thu, 01 Jan 1998 04:00:00


I read Tony's account of probability...and it could definitely work that
way...if the professional Swiss banking system weren't very security
conscious, and allowed the transfer of public keys over the open wire...I
would rather submit a compromise in the banks security by bribe or pressure
from our government via some agreement...etc...where the bank simply
supplies the keys and the agents leak Tony's scenerio to the news...lets
the bank off the hook and none are the wiser...and it is much easier...

It would work like this:

1.  Trafficer sends message...message intercepted by agents...decrypted
using banks private key...message read...amounts and information to bank
changed...messsage encrypted using the banks public key...message sent on
to the bank, where some unsuspecting teller processes it.

2.  Bank sends message, confirming the transaction...agents intercept
it...substitute messages using the trafficers public key...and send it
along, telling the trafficer that everything is okay, or whatever they
would like to say.

3. Where did the agents get the keys...why from the bank of course...they
got the bank's private and public keys, and the trafficers public
key...which allowed all of this to go on...remember, the bank is the only
one that has all of this information.

4. My premise for believing that there was a compromise at the bank is
supported by this...that the old Ted and Alice thing is wildly know by
every security consultant in the world...heck, I've read it time and again,
and it is supplied with all copies of PGP 5.0....therefore at the time the
account was opened, I believe a public key disk would be personally
transfered between parties...thus thwarting the middle man being able to
intercede...we are talking lots of money here...say the bank gives the
trafficer their public key on disk...he uses it to give the bank his public
key...via encrypted email...now the middle man cannot substitute this kind
of arrangement, because they will never know the trafficer's public
key...it was encrypted using the bank's public key...any messages returned
to the trafficer will have to be with his verifiable key...are we to
believe the Swiss' cryptosystem is this slack...openly transfering public
keys in unprotected email.   Hey, I'm just a common Joe...and I wouldn't
want this to happen...

Note: The above is only my opinion....not an espousal of great world
truth...just food for thought...the world is not a safe place for
electronic information...guard yours...use PGP...verify keys...

The Infojunkie....




> > The other night in a show on the discovery channel about non-lethal
> > weapons, computer security was discussed. among other things, they
showed
> > an attack against a drug cartel or something that was sending a pgp
2.6.2
> > encrypted transaction to a swiss bank through the internet. in very
vauge
> > terms they said something like the public keys were intercepted, and
the
> > attacker acted as a middle-man in between the trafficers and was able
to
> > forge the transactions (changing the $$ transfered). how could this
> > happen? did anyone see the show? where can i find out more about such
> > threats? thanks.

> I didn't see the show but I can still explain how this could happen.

> Person A sent his public key to person B and
> person B sent his public key to person A and
> then they forgot to verify that they really had eachothers keys (or
> their verification simply wasn't good enough); all the cops did was to
> prevent the real keys from reaching its destination and instead sent a
> key that they had created to the bank and one to the criminal...
> The bank and the criminal never sent messages to eachother because both
> of them sent messages to the cops.

>      /Tony  <Tony...this is an excellent explantion, and in lieu of the

compromise scenario above...probable....the Infojunkie...>

- Show quoted text -

> --
>                                /\___/\

>         ---------------------oOO-(_)-OOo----------------------
>            "We only live to please those we love" -- Aphrael
>         ----------------------???---???-----------------------
>           http://tls.base.org \O/   \O/ ?Tony Svanstrom 1997

 
 
 

pgp attacks

Post by Duncan Sco » Thu, 01 Jan 1998 04:00:00




>> The other night in a show on the discovery channel about non-lethal
>> weapons, computer security was discussed. among other things, they showed
>> an attack against a drug cartel or something that was sending a pgp 2.6.2
>> encrypted transaction to a swiss bank through the internet. in very vauge
>> terms they said something like the public keys were intercepted, and the
>> attacker acted as a middle-man in between the trafficers and was able to
>> forge the transactions (changing the $$ transfered). how could this
>> happen? did anyone see the show? where can i find out more about such
>> threats? thanks.
>I didn't see the show but I can still explain how this could happen.
>Person A sent his public key to person B and
>person B sent his public key to person A and
>then they forgot to verify that they really had eachothers keys (or
>their verification simply wasn't good enough); all the cops did was to
>prevent the real keys from reaching its destination and instead sent a
>key that they had created to the bank and one to the criminal...
>The bank and the criminal never sent messages to eachother because both
>of them sent messages to the cops.
>     /Tony
>--
>                               /\___/\

>        ---------------------oOO-(_)-OOo----------------------
>           "We only live to please those we love" -- Aphrael
>        ----------------------???---???-----------------------
>          http://tls.base.org \O/   \O/ ?Tony Svanstrom 1997

        Yeah, saw the same show and wondered the same thing. He was a
government contractor -- maybe this was Uncle's way of reducing
confidence in PGP?
 
 
 

pgp attacks

Post by Ron Hei » Fri, 02 Jan 1998 04:00:00



>are we to
>believe the Swiss' cryptosystem is this slack...openly transfering public
>keys in unprotected email.

You still seem to have trouble with the word "public". You seem to think
that there is a problem with public keys being public. What problem do you
think there is? Try exploiting it with either of my public keys. Here they
are. You can't get much more public than this!

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP for Personal Privacy 5.0

mQENAzPNu/EAAAEIAJmdUYalCwM0BSzsCIYsdgYUZ5Dyl5+7vaUVK3hIN9EXNRqF
qHtoQuPtMW1D7yzgpNBInJqfLRCNj+GKgLDuCPAIgiXX8ATWSC88giVLoOrtvhK6
rD1FJ/F8hnbWY/t7HDH5vhZLx6MkQ1Hum2gjzfI5Y4USjFAAT7rjYyI1mZFBYcLe
tXLKlj3CFU3UmNh0KE8BwHLkF+Jzzf2NWJ6AO9mgsEpWWY5C3P0FEgFFyALFGBPY
L6Fe8aigi97+jABkAuBFnbWD2EmueIsiGnMttnYj7yqv0SaSrxbN0Mwcu7PHy4Xs
W5/LQJFi5LEEhAsjWj2aJHM581P966QJoVcbVb0ABRG0LFJvbmFsZCBXYWx0ZXIg
SGVpYnkgPGhlaWJ5QGZhbGtvci5jaGkuaWwudXM+iQEVAwUQM8278eukCaFXG1W9
AQERmwgAjlOA4Tf/A84u+xmvWZazZEI/FB+IXxZw3Ugftln/MW0W5RWYyptGw2H+
FkJJRQiNPAlPMsRCrlnnn3frIedwok9UQDpNybx1bLMsYenQ/j0eyKfbp9eG4MmZ
Y+kJ2KYIcDqMiTje3n+sgjwQkHONPYUwOY0fIeZLNqdeoFQ0l3+pUV57+vheuL83
3ajAtda4HNMoffhWWV2mHSuaQm8rR57+vVbP15QLhGuL7RN4BuS8Tz2puIwI/8B4
tyozEpbQhy31+Mv+hC5Rn5QKM5qvvgp4Xt2IASyCEBR7DOrrryTTcTY3hHGmkJg9
WRa9xxWOIqqcvlKls48CnjXXGonrirQuUm9uYWxkIFdhbHRlciBIZWlieSA8cmhl
aWJ5QHRoZS1zdHJhdGVnaXMuY29tPokBFQMFEDPyIc3rpAmhVxtVvQEBWscH/1Yp
LefuwTINc/RminZhGy6RcGdPhS0MNis8xzocY87NqO0HaxqyBJU/x+1wCbw0WUfm
O9M5IcT15lULW36VE5ZT1MwLE7+j/r+m2u5l4ppRh8CFQ0OH8OimSK9Ln0vML9zY
7NpWjPIcJouYkY9F6etW4a79xgf7Bp9iB6OcixiCLxzDS7CwJkyhlk02yyP1lWlE
Ok05ZSs76WDXqvhj25qzcYk3iEw58PgyhtgqYEfSb0La6FD0Kd0pOwY8YC9858X8
b75H1idXVlXOnYyXly8cpvhkl94BQ108/EJ/cHSWoh9GmxiAeE2xo5aCAaF9yAzn
KqKTWtqp1MrseSWiWjA=
=Zt2Z
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP for Personal Privacy 5.0

<encoded_portion_removed>
GK78IvnIX+xA
=G0ug
-----END PGP PUBLIC KEY BLOCK-----

--
Ron.

 
 
 

pgp attacks

Post by m.. » Sat, 03 Jan 1998 04:00:00




Quote:

>This can be done with PGP, with only a little difficulty (e.g. Thawte). It is
>done automatically with S/MIME and rigid hierarchical certification. For the
>police plan to work with S/MIME the police would have had to physically change
>the CA keys in your browser, or arrange somehow that you had originally
>obtained a bogus browser.

OR...(1) they could set themselves up as... or... (2)infiltrate ...the central
authenticating authority .

Quote:>This story supports the FBI's assertion that there are stupid (or at least
>lazy) criminals out there.

it also supports ed stone's implied contention that there is AT LEAST ONE
stupid,lazy, or insidious self styled security analyst out there

;-\

Z

 
 
 

pgp attacks

Post by David Sternligh » Sun, 04 Jan 1998 04:00:00





> >This can be done with PGP, with only a little difficulty (e.g. Thawte). It is
> >done automatically with S/MIME and rigid hierarchical certification. For the
> >police plan to work with S/MIME the police would have had to physically change
> >the CA keys in your browser, or arrange somehow that you had originally
> >obtained a bogus browser.

> OR...(1) they could set themselves up as... or... (2)infiltrate ...the central
> authenticating authority .

> >This story supports the FBI's assertion that there are stupid (or at least
> >lazy) criminals out there.

> it also supports ed stone's implied contention that there is AT LEAST ONE
> stupid,lazy, or insidious self styled security analyst out there

The above is presumably a reflexive statement, since my comment wasn't an
exclusive 'if and only if' one.

Sorry you have such a low opinion of yourself.

David

 
 
 

pgp attacks

Post by Anonymous Sende » Sun, 04 Jan 1998 04:00:00



Quote:

>Sorry you have such a low opinion of yourself.

>David

Feel better about yourself now Dave?
 
 
 

pgp attacks

Post by Topher Belkn » Tue, 06 Jan 1998 04:00:00





>>are we to
>>believe the Swiss' cryptosystem is this slack...openly transfering public
>>keys in unprotected email.
>You still seem to have trouble with the word "public". You seem to think
>that there is a problem with public keys being public. What problem do you
>think there is? Try exploiting it with either of my public keys. Here they
>are. You can't get much more public than this!

In general no there is no problem with public keys being public.
However those engaged in criminal activities have different criteria
for security.  Most people _want_ their public key associated with
their persona.

The main thing I got from this story is that it could not have
occurred without a lapse in key verification protocol (or compromise
of the financial instution).    I suspect that compromise of the
financial institution is a more reliable technique for government
forces than hoping for lax key verification in those they wish to
monitor.  As recent events have shown even the Swiss banking system
(and laws) are not immune to such pressure.

Topher